Keep It Simple, Like Leonardo da Vinci

No discussion of the Renaissance—arguably the most important era in human history—would be complete without the inclusion of Leonard da Vinci. No individual personified the term “Renaissance man” more than da Vinci—artist, author, architect, inventor, scientist, and more.

An aphorism generally attributed to him—“Simplicity is the ultimate sophistication”—is especially relevant today. It should inspire us to rethink, re-architect, and redesign how we build cutting-edge cybersecurity defenses that go far beyond the next shiny new tool. Simplicity is often the foundation for tackling complex problems and solving them to achieve sustained results in the most efficient way possible.

For business leaders who have to deal with complexity, this concept is key. And by simplicity, I don’t mean simple. In fact, we must set ambitious, even audacious, goals for ensuring the continuous, long-term security of our data, our systems, our operations, and our people.

This is particularly important when we think about the rapidly changing nature of risk—everything from a rapid adoption of public cloud to mobile and agile workforce, “tool sprawl,” connected operational networks, increasingly automated adversary, the dark web, and the maze of compliance mandates.

It’s also critical as we embrace innovation and agility through iterative development, infrastructure and security as code, and virtualized workforces—exciting opportunities that, nonetheless, have the potential to create more complexity unless we lead with simpler approaches.

Simplicity is what helps our SecOps and business teams deal with the bombardment of technology that may give our organizations more opportunities for advancement, but also ups the stakes for cybersecurity. With hundreds of companies offering cybersecurity hardware, software, and services, it’s tougher than ever for organizations like yours to sort through it all to discern what works—and what works best.

The notion of “defense in depth”—for years, the basis for most organizations’ cybersecurity strategies—no longer is effective. The very nature of our heterogeneous environments leads to dangerous and often-overlooked gaps in coverage, creating yawning vulnerability gaps. And we can’t solve the problem by ramping up our hiring efforts for two big reasons: the 3-million-person global cybersecurity skills shortage, and the increased use of bots, algorithms, machine learning, and very cheap and widely available exploit kits by cyberattackers.

Moreover, security operations centers (SOCs) are not effective as they are overwhelmed by event overload and a manual approach to an automated adversary. We need to simplify and transform security architecture and operations, and we need to do it now.